Commit Graph

46 Commits

Author SHA1 Message Date
Paul Morton e4899de13e provider/aws: New SSM Parameter resource (#15035)
* New SSM Parameter resource

Can be used for creating parameters in AWS' SSM Parameter Store that can then be used by other applications that have access to AWS and necessary IAM permissions.

* Add docs for new SSM Parameter resource

* Code Review and Bug Hunt and KMS Key
- Addressed all issues in #14043
- Added ForceNew directive to type
- Added the ability to specify a KMS key for encryption and decryption

* Add SSM Parameter Data Source

* Fix bad merge

* Fix SSM Parameter Integration Tests

* docs/aws: Fix typo in SSM sidebar link
2017-06-06 09:55:25 +01:00
Jake Champlin 96e83817ef
provider/aws: validation: Add validation function for IAM Policies
The previous JSON validator that we were using for IAM policy documents wouldn't catch AWS IAM Policy errors.
The supplied policy document would pass our validator, then fail with the following API error:

```
 * aws_iam_role_policy.foo: Error putting IAM role policy tf_test_policy_ymw7hbil9w: MalformedPolicyDocument: The policy failed legacy parsing
                        status code: 400, request id: e7615d90-3c99-11e7-babc-c14e741605bf
```

This happens if the Policy Document doesn't start with the opening JSON bracket, and often happens in the following case:

```
policy = <<EOF
  {
      "Version": "2012-10-17",
      "Statement": [
          {
            ...
          }
      ]
  }
  EOF
```

Where, when using a HEREDOC, the policy document is indented incorrectly.

The new validation function for the IAM policies verifies that the first character of the supplied policy document is the leading JSON bracket, prior to validating the JSON string.

Test Output:

```
$ make test TEST=./builtin/providers/aws/ TESTARGS="-v -run=TestValidateIAMPolicyJsonString"
==> Checking that code complies with gofmt requirements...
==> Checking AWS provider for unchecked errors...
==> NOTE: at this time we only look for uncheck errors in the AWS package
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:56:32 Generated command/internal_plugin_list.go
go test -i ./builtin/providers/aws/ || exit 1
echo ./builtin/providers/aws/ | \
        xargs -t -n4 go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4
go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4 ./builtin/providers/aws/
=== RUN   TestValidateIAMPolicyJsonString
--- PASS: TestValidateIAMPolicyJsonString (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    0.009s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAWSPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:38:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSPolicy_ -timeout 120m
=== RUN   TestAWSPolicy_namePrefix
--- PASS: TestAWSPolicy_namePrefix (20.01s)
=== RUN   TestAWSPolicy_invalidJson
--- PASS: TestAWSPolicy_invalidJson (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    20.027s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMRolePolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 11:02:56 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMRolePolicy_ -timeout 120m
=== RUN   TestAccAWSIAMRolePolicy_importBasic
--- PASS: TestAccAWSIAMRolePolicy_importBasic (18.45s)
=== RUN   TestAccAWSIAMRolePolicy_basic
--- PASS: TestAccAWSIAMRolePolicy_basic (35.92s)
=== RUN   TestAccAWSIAMRolePolicy_namePrefix
--- PASS: TestAccAWSIAMRolePolicy_namePrefix (14.78s)
=== RUN   TestAccAWSIAMRolePolicy_generatedName
--- PASS: TestAccAWSIAMRolePolicy_generatedName (20.20s)
=== RUN   TestAccAWSIAMRolePolicy_invalidJSON
--- PASS: TestAccAWSIAMRolePolicy_invalidJSON (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    89.363s
```
2017-05-19 11:11:44 -04:00
Gauthier Wallet c8ce9883bb provider/aws: Improved IAM Role description tests (#14220) 2017-05-05 17:03:59 +03:00
Tom Elliff 18c6c3b47b Validate WAF metric names
WAF metric names must be alphanumeric only.
See http://docs.aws.amazon.com/waf/latest/developerguide/web-acl-rules.html#web-acl-rules-creating and
http://docs.aws.amazon.com/waf/latest/developerguide/web-acl-working-with.html#web-acl-creating
2017-04-23 21:46:39 +01:00
Gauthier Wallet 80d940d154 provider/aws: Added Cognito Identity Pool (#13783) 2017-04-21 12:53:48 +03:00
KOJIMA Kazunori 47d255f943 provider/aws: Add aws_kms_alias datasource (#13669) 2017-04-18 15:29:14 +03:00
Paul Hinze 193c0d80ad
provider/aws: Validate GovCloud KMS ARNs
Fixes validation errors in GovCloud when passing a KMS ARN for
`kms_key_id` in `s3_bucket_object` and `db_instance`.

The region is `us-gov-west-1` which breaks the regexp. Just added the
optional `gov-` in the right place.
2017-04-16 22:35:09 -07:00
Joshua Spence 8d5fdeae57 Add `name_prefix` support to `aws_cloudwatch_log_group` (#13273) 2017-04-17 01:50:52 +03:00
Radek Simko 668a09aa00
provider/aws: Add diff suppression & validation for OpenID URL 2017-04-07 22:15:35 +01:00
Joshua Spence d25c310468 Add `name_prefix` to RDS resources (#13232)
Adds `name_prefix` (or, in some cases, `identifier_prefix`) support to all AWS RDS resources.
2017-03-31 20:22:57 +03:00
Joshua Spence f40997988e Add `name_prefix` to `aws_autoscaling_group` and `aws_elb` resources (#12629)
Adds support for `name_prefix` to the `aws_autoscaling_group` and `aws_elb` resources. Unfortunately when using `name_prefix` with `aws_elb`, this means that the specified prefix can only be a maximum of 6 characters in length. This is because the maximum length for an ELB name is 32 characters, and `resource.PrefixedUniqueId` generates a 26-character unique identifier. I was considering truncating the unique identifier to allow for a longer `name_prefix`, but I worried that doing so would increase the risk of collisions.
2017-03-20 13:06:45 +00:00
Gauthier Wallet 323f646b42 provider/aws: Added API Gateway Usage Plan (#12542)
* Added api_gateway_usage_plan

* Updated documentation

* Fixed AWS usage plan review points
2017-03-18 14:18:19 +00:00
Joshua Spence b823033514 Allow `name_prefix` to be used with various IAM resources (#12658)
Adds the `name_prefix` to `aws_iam_group_policy`, `aws_iam_role_policy` and `aws_iam_user_policy`.
2017-03-17 16:48:42 +00:00
Matt Dainty c5ea37c0ee Add `aws_iam_account_alias` resource (#12648) 2017-03-14 15:35:38 +02:00
Xavier Sellier dbe647dd56 Add epsilon to the regex date validation 2017-02-03 13:52:22 -05:00
Jack Bruno be56c7d2f6 provider/aws: Add AWS DMS (data migration service) resources (#11122)
* Add aws dms vendoring

* Add aws dms endpoint resource

* Add aws dms replication instance resource

* Add aws dms replication subnet group resource

* Add aws dms replication task resource

* Fix aws dms resource go vet errors

* Review fixes: Add id validators for all resources. Add validator for endpoint engine_name.

* Add aws dms resources to importability list

* Review fixes: Add aws dms iam role dependencies to test cases

* Review fixes: Adjustments for handling input values

* Add aws dms replication subnet group tagging

* Fix aws dms subnet group doesn't use standard error for resource not found

* Missed update of aws dms vendored version

* Add aws dms certificate resource

* Update aws dms resources to force new for immutable attributes

* Fix tests failing on subnet deletion by adding explicit dependencies. Combine import tests with basic tests to cut down runtime.
2017-02-02 10:30:05 +00:00
Raymond Fallon b30ef0f58d Update Application Auto Scaling to support scaling an Amazon EC2 Spot fleet. (#8697)
* provider/aws: Update Application Auto Scaling service model

  - Add support for automatically scaling an Amazon EC2 Spot fleet.

* Remove duplicate policy_type check.

* Test creating a scalable target for a splot fleet request.

* Test creating a scaling policy for a splot fleet request.

* Update resource docs to support scaling an Amazon EC2 Spot fleet.

  - aws_appautoscaling_policy
  - aws_appautoscaling_target

* Remove arn attribute from aws_appautoscaling_target

  - No arn is generated or returned for this resource.

* Remove optional name attribute from aws_appautoscaling_target

  - ScalableTargets do not have a name
  - I think this was copied from aws_appautoscaling_policy

* AWS Application Autoscaling resource documentation tweaks

  - include a target resource in the policy example
  - sort attributes by alpha
  - fixup markdown
  - add spaces to test config
2017-02-02 09:39:22 +00:00
Gauthier Wallet 4da1451971 Added Step Function resources (State Machine & Activity) (#11420)
* Added Step Function Activity & Step Function State Machine

* Added SFN State Machine documentation

* Added aws_sfn_activity & documentation

* Allowed import of sfn resources

* Added more checks on tests, fixed documentation

* Handled the update case of a SFN function (might be already deleting)

* Removed the State Machine import test file

* Fixed the eventual consistency of the read after delete for SFN functions
2017-01-31 20:17:38 +00:00
Jake Champlin 0cd69d2101 Merge pull request #11411 from hashicorp/f-emr-instance-ebs-volumes
provider/aws: Add EBS Volume support for EMR Instance Groups
2017-01-27 09:57:28 -05:00
Jake Champlin a60f35e694
provider/aws: Add EBS Volume support for EMR Instance Groups
Adds EBS Volume support and tests for EMR Instnace Groups

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEMRInstanceGroup_ebsBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/25 10:14:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEMRInstanceGroup_ebsBasic -timeout 120m
=== RUN   TestAccAWSEMRInstanceGroup_ebsBasic
--- PASS: TestAccAWSEMRInstanceGroup_ebsBasic (675.14s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    675.171s
```
2017-01-25 10:29:41 -05:00
Brad Larson c5c2d27e25 Fix: Incorrect AWS Lambda Qualifier Regexp
Type of change:
===============
- Bug fix

What changed? ... and Why:
==========================
The regexp is currently set to:
`pattern := `^[a-zA-Z0-9$_]+$`

The AWS docs state that qualifer names must conform to the following
regexp:
`Pattern: (|[a-zA-Z0-9$_-]+)`

As you can see, the current regexp in Terraform is missing the `-` at
the end.

This addresses that.

How has it been tested?
=======================
Added a few test cases to the existing spec for `AwsLambdaQualifier`
validation.
2017-01-24 15:57:57 +00:00
Jake Champlin 8159731c91
provider/aws: Allow ARN identifier to be set
Allows users from govcloud and other regions (aws-cn) to now use the following resources correctly:

```
- data "aws_billing_service_account"
- data "aws_elb_service_account"
- resource "aws_cloudfront_origin_access_identity"
- resource "aws_ecs_service"
- resource "aws_iam_saml_provider"
- resource "aws_lambda_permission"
- resource "aws_sns_topic_policy"
```
2017-01-23 11:30:28 -05:00
Jake Champlin b9ade93a48 Merge pull request #11298 from hashicorp/f-update-ecs-definitions-constraints
provider/aws: Update ECS task_definition and service
2017-01-20 17:34:10 -05:00
Dylan Vaughn 2aca4a4d99 provider/aws: CloudFormation YAML template support (#11121) 2017-01-20 14:00:32 +00:00
Jake Champlin 5276496e6d
provider/aws: Update ECS task_definition and service
Updates ECS task_definition documentation, and schema validation functions to match the AWS API documentation.

Updates ECS service documentation, and schema validation functions match the AWS API documentation.
2017-01-19 17:54:52 -05:00
Jake Champlin 1955ac38bc
provider/aws: Route53 Record: Add Type validation
Adds validation for the `type` parameter of an `aws_route53_record` resource.

This will allow Terraform to catch any user errors of a `type` parameter during a `terraform plan` instead of during a `terraform apply`.

Fixes: #11114
2017-01-09 15:45:26 -05:00
Kazuma Watanabe c560c72e58 provider/aws: Validate window time format (#11089)
* create window format validate function

* apply ValidateFunc for window time format
2017-01-09 13:12:07 +00:00
Ninir d126570712 provider/aws: Added a validation for security group rule types (#10864) 2016-12-30 00:26:01 +00:00
Ninir 5dbc66012e provider/aws: Reworked validateArn function to handle empty values (#10833) 2016-12-27 20:52:22 +00:00
Ninir 99be2d3280 provider/aws: Improved the SNS topic subscription protocols validation 2016-12-13 17:54:52 +01:00
Ninir fc5b05ebc1 provider/aws: Added SQS FIFO queues (#10614) 2016-12-12 17:40:59 +00:00
Ninir 29f8af16a1 provider/aws: Added S3 Bucket replication (#10552) 2016-12-08 11:59:13 +01:00
Krzysztof Wilczynski 6393ad743f Add missing unit test and re-factor for clarity.
This commit adds a missing unit test for the API Gateway integration type
attribute validation helper, plus changes the way how value is inspected
to a simple lookup table. Additionally, changes the wording of the error
message, and adds invalid test cases to the HTTP method validation helper.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-11 08:17:05 -05:00
Krzysztof Wilczynski 1260b3a9b5
Add new "ANY" as valid HTTP method to API Gateway validator.
This commit adds a new HTTP method to a list of valid HTTP methods which
is now accepted by API Gateway.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-06 16:11:45 +01:00
Krzysztof Wilczynski 5697a52b4f [WIP] provider/aws: Add normalizeJsonString and validateJsonString functions. (#8028)
* Add normalizeJsonString and validateJsonString functions.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add unit test for the normalizeJsonString helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Fix. Remove incrrect format string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Remove surplus type assertion.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add unit test for the validateJsonStringhelper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Remove surplus whitespaces.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 19:50:38 +01:00
Radek Simko 2ad84a51df
provider/aws: Fix misspelled words 2016-09-12 07:23:34 +01:00
Kraig Amador 1f80ec48d0 Added RDS event subscriptions (#6367) 2016-05-05 11:14:25 +01:00
Paul Stack 5f874c9487 provider/aws: Extends the `aws_elasticache_cluster` validation (#6332)
The validation as part of #6330 was only for length. This PR adds the
rules for alphanumeric, not having -- within, not ending with a - and
that the id must start with a letter.

The PR also adds tests for these rules
2016-04-25 21:44:55 +01:00
Radek Simko d31a6ac47f provider/aws: Add support for api_gateway_authorizer (#6320) 2016-04-25 12:22:37 +01:00
KOJIMA Kazunori 5e33517394 provider/aws: Add support S3 Object Lifecycle Rule (#6220)
* providers/aws: Add support S3 Object Lifecycle Rule

* Fix failed vet command

* Fix failed acceptance tests

* Check nil pointer before dereference.

* Move S3 lifecycle rule id validator func to validators.go

* Don't fail when get lifecycle rule's response code is 404
2016-04-20 11:16:14 +01:00
Radek Simko af93183459 provider/aws: Add validation for CW Log Metric Filter 2016-03-15 15:01:21 +00:00
Raphael Randschau 032e6081cb Add aws_api_gateway_method resource 2016-03-05 23:21:38 +01:00
Paul Hinze ce74e3d8f0 provider/aws: improve vpc cidr_block err message
Pull CIDR block validation into a shared func ready to be used elsewhere

Example of new err message:

```
Errors:

  * aws_vpc.foo: "cidr_block" must contain a valid network CIDR,
    expected "10.0.0.0/16", got "10.0.1.0/16"
```
2016-02-22 16:44:33 -06:00
Radek Simko b7a63c15f9 provider/aws: Add tests for new validators 2016-02-15 17:16:41 +00:00
Radek Simko ab89e5e528 provider/aws: Add CloudWatch Event Rule 2016-02-13 13:21:32 +00:00
Radek Simko d853d2cc93 aws: Add validation for ECR repository name 2015-12-23 16:07:53 +01:00